compiling sendmail to 8.13.6
Ok, I just cvsup'd and it did not pull down the sources for sendmail 8.13.6 ( I might still have misunderstanding of what exactly cvsup does). Anyway, I took matters into my own hands, and I was wondering if my procedure would be considered acceptable by my peers. So, this is what I did: 1) pulled down sendmail.8.13.6.tar.gz from sendmail.org. 2) read FREEBSD-upgrade doc from /usr/src/contrib/sendmail, and found this info For the import of sendmail, the following files were removed: Build cf/cf/Build cf/cf/generic-*.cf devtools/* doc/op/op.ps */Build [e-v]*/*.0 sendmail/makesendmail sendmail/sysexits.h The following directories were renamed: sendmail - src 3) untared sendmail.8.13.6.tar.gz, and made the exact same changes to files/folders listed above. Rename source folder to just 'sendmail' 4) remove /usr/src/contrib/sendmail. Replace with my new sendmail directory that I just downloaded and edited 5) re-compile sendmail as most all howtos dictate: # cd /usr/src/lib/libsm # make obj make depend make # cd /usr/src/lib/libsmutil # make obj make depend make # cd /usr/src/usr.sbin/sendmail/ # make obj make depend make make install 6) cd /etc/mail/ do a make all install restart 7) reboot. When the system came back up, the sendmail banner tells me its running 8.13.6/8.13.4. would this mean im upgraded to the latest and am now without a shadow of a doubt secure against this latest sendmail threat? Would that have been an acceptable way to upgrade a production server (and should I do it again, this time on my production sendmail server)? Thanks for reading! jonathan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: compiling sendmail to 8.13.6
In the last episode (Mar 25), Jonathan Horne said: Ok, I just cvsup'd and it did not pull down the sources for sendmail 8.13.6 ( I might still have misunderstanding of what exactly cvsup does). Anyway, I took matters into my own hands, and I was wondering if my procedure would be considered acceptable by my peers. So, this is what I did: cvsup updates the FreeBSD source tree to whatever the developers have committed. A patch for the issue (not an update to 8.13.6) was applied to most branches. When the system came back up, the sendmail banner tells me its running 8.13.6/8.13.4. would this mean im upgraded to the latest and am now without a shadow of a doubt secure against this latest sendmail threat? Would that have been an acceptable way to upgrade a production server (and should I do it again, this time on my production sendmail server)? Yes, you are now running sendmail 8.13.6. No, this is probably not the best way to patch a production server :) For a small version bump like the sendmail one, you didn't break anything, but in general, replacing part of the base system wholesale could cause problems due to dependencies of other parts of the sytem on a particular version, or different compile-time settings between FreeBSD and the source distribution. Just running cvsup, verifying that you now have the version numbers listed in the security advisory, and rebuilding what the advisory tells you to, would have sufficed. -- Dan Nelson [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]